Technologies of security control for automated systems on the basis of structural and behavioral software testing
Mironov Sergei Vladimirovich

Deputy Director, Department of Information Technology in the Management of Public and Municipal Finance and Information Support of the Budgetary Process, the Ministry of Finance of the Russian Federation

109097, Russia, Moscow, ul. Il'inka, 9

gniiivm-m@yandex.ru
 

 
Kulikov Grigorii Vladimirovich

PhD in Technical Science

 
Ph.D. in Technical Sciences, Deputy Chief, "NPO RusBITeh"

117105, Russia, Moscow, shosse Varshavskoe, 26, stroenie 11, of. 505

gniiivm-g@yandex.ru
 

 

Abstract.

The subject of the study is the basic methods and principles of software testing used for the security evaluation and control of automated systems. The study gives recommendations on software testing methods for the most common threats to security subsystems such as the firewall, audit, access control, integrity monitoring, and password and encryption subsystems. The authors consider the possibility that the product contains the following vulnerabilities: buffer overflows, incorrect handling of format strings, and race conditions. The research methods draw on programming theory, reliability theory, software engineering, error-correcting coding, information security and system analysis. The main conclusion of the study is that software testing is a powerful tool for detecting both software errors and security vulnerabilities. Modern behavioral testing methods make it possible to identify vulnerabilities without the software source code and can be used successfully in the Russian market, where access to source code for testing purposes is almost impossible.

Keywords: structural testing, software engineering, program testing method, Security Subsystem, software vulnerabilities, behavioral testing, testing programs, information security, safety of the automated system, threat security programs

DOI: 10.7256/2306-4196.2015.5.16934

Article was received: 08-11-2015

Review date: 09-11-2015

Publish date: 27-11-2015


This article is written in Russian. The full text of the article is available in Russian.
